1

I'd like to patch some Windows PE file to show just simple MessageBox. Taking into account that the PE in question doesn't import the MessageBoxA function if I'm right that all i need to do is to add the user32.dll to the Imports Section with MessageBoxA function. And then just patch the code (using IDA or OllyDbg or sth. similar) adding a call instruction to the address of the newly added MessageBoxA function from Imports? If I'm right that after adding a new entry to the Imports the Windows Loader automatically map the MessageBoxA function physical address to the virtual PE address space making the PE possible to call the needed function?

Improve this question
2
  • 2
    I believe LIEF will help you with patching. Check this documentation: lief-project.github.io/doc/latest/tutorials/…
    – y_v
    Commented Aug 7, 2023 at 15:26
  • 1
    Well you're right about your import manipulation, yes. But a mere call won't help you. Depending on what the target is -- OllyDbg makes me assume x86 or x64, though -- you need to be aware of the calling convention(s) and pass the arguments in registers or on the stack accordingly. So it'd be some mov or push before the call, too.
    – 0xC0000022L
    Commented Aug 7, 2023 at 16:08

0

Reset to default

Browse other questions tagged or ask your own question.